Software is often written so that it can be dynamically extended. That is, an application may be written so that during execution, it can initiate software that extends its original functionality by making an extension point available to the extending software. The extending software typically is activated if and when it is needed or when it is found: that is, it is not necessarily activated when the application is activated. The pieces of software that extend the functionality of an application beyond that provided by the original application are often called extensions.
An extension is often written at a different time and by a different business entity than that which produced the original application which it extends. Activation of an extension by an extendable application thus is often problematic because the code for the extension has not been tested by the developers of the extendable application. Thus, execution of an extension may make the extendable application crash or may have other deleterious effects. In addition, the set of available extensions must be somehow dynamically discovered by the extendable application while the extendable application is executing because when the extendable application is coded, there is no way of knowing what extensions will be available when the extendable application is executed. In known systems, different extendable applications use their own proprietary ways of arranging their extension points and of finding and linking with extensions for those points. As a result, the operating system does not know or understand the relationships between the extendable application and the extension and cannot control or manage them.
In addition, installation of extensions usually results in ad-hoc changes to the state of the machine. For example, files, directories or the contents of files may be changed, in order that the extendable application can be made aware of the available extensions. This state of affairs tends to make managing the machine problematic for users.
When an extension executes, it may use any of the resources to which it has access, and may use them in harmful ways or in ways that the extendable application does not expect. Extensions which are loaded into the same process in which the extendable application is executing share all the resources (including core memory, for example) of the extendable application with the extendable application. This may very easily wreak havoc with the functions of the extendable application. Robustness of the extendable application is compromised because any fault or error in the extension may cause the extendable application to fail. While extensions which are loaded into their own process do not share in-core memory with the extendable application, improving robustness of the extendable application, in general, the extension will have access to the whole set of resources on the machine on which they execute. This occurs because, typically, access to resources is controlled by access control lists (ACLs) specifying a user's ability to read/change, etc. a particular resource. In such operating systems, a process is started with a set of credentials identifying the user they work for. The operating system uses those credentials to determine whether to grant or deny access to a resource when a process uses the resource name in an access request operation (e.g., opening a file, given its file name).